Use strong parameters for Donation

2023-07-29 10:29:09 -07:00 · 2023-07-29 10:29:09 -07:00 · 23b84cba26
commit 23b84cba26
parent f9cd563c82
2 changed files with 7 additions and 3 deletions
--- a/app/controllers/donations_controller.rb
+++ b/app/controllers/donations_controller.rb
@ -25,7 +25,7 @@ class DonationsController < ApplicationController

  def update
    @donation = Donation.from_param(params[:id])
-    @donation.update_attributes params[:donation]
+    @donation.attributes = donation_params

    feature_params = params[:feature] || {}
    @features = @donation.features.find(feature_params.keys)
@ -47,4 +47,10 @@ class DonationsController < ApplicationController
      redirect_to @donation
    end
  end
+
+  private
+
+  def donation_params
+    params.require(:donation).permit(:donor_name)
+  end
 end
--- a/app/models/donation.rb
+++ b/app/models/donation.rb
@ -1,8 +1,6 @@
 class Donation < ActiveRecord::Base
  FEATURE_COST = 500  # in cents = $5.00

-  attr_accessible :donor_name
-
  belongs_to :campaign
  belongs_to :user
  has_many :features, class_name: 'DonationFeature'